[Samba] Problem using ADS
Hi, I have configured samba to authenticate against a windows 2003 AD. There is no error joining to the domain .. If I try to access any share using smbclient using an existing user account from the AD, it returns an error NT_STATUS_LOGON_FAILURE. On adding the same user to local machine (/etc/passwd), the smbclient logs in and displays all information properly. Is this the usual behavior or did I forget configuring something ? Dave Jones Samba version : samba-3.0.25pre2 running on SLES 10 smb.conf : [global] security = ADS workgroup = NEWLIFE realm = NEWLIFE.COM idmap gid = 2-25000 idmap uid = 3-4 winbind separator = + password server = 192.168.32.1 use spnego = no kernel oplocks = no [tmp] path = /tmp writeable = yes # ./net ads join -Uadministrator%TesTing123 Using short domain name -- NEWLIFE Joined 'rhel-4' to realm 'NEWLIFE.COM' # ./smbclient -k -UNEWLIFE+Administrator%happy123 //192.168.32.40/tmp session setup failed: NT_STATUS_LOGON_FAILURE # cat /etc/passwd | grep user1 user1:x:1000:100::/home/user1:/bin/bash #./smbclient -k -UNEWLIFE+user1%happy //192.168.32.40/tmp Domain=[NEWLIFE] OS=[Unix] Server=[Samba 3.0.25pre2] smb: \ # ping 192.168.32.40 PING 192.168.32.40 (192.168.32.40) 56(84) bytes of data. 64 bytes from 192.168.32.40: icmp_seq=1 ttl=64 time=3.74 ms 64 bytes from 192.168.32.40: icmp_seq=2 ttl=64 time=0.257 ms 64 bytes from 192.168.32.40: icmp_seq=3 ttl=64 time=0.269 ms --- 192.168.32.40 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2004ms rtt min/avg/max/mdev = 0.257/1.424/3.747/1.642 ms Thanks in advance. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: New maintainer needed for the Linux smb filesystem
On Sun, Aug 21, 2005 at 12:46:57PM -0700, Andrew Morton wrote: Adrian Bunk [EMAIL PROTECTED] wrote: Since Urban Widmark was not active for some time, and I didn't have any success trying to reach him, it seems we need a new maintainer for the smb filesystem in the Linux kernel. Is there anyone who both feels qualified and wants to become the new maintainer? Yes, it's a poor situation. That driver seems to have quite a few problems. I was hoping that by now we could simply deprecate smbfs and tell people to use CIFS, but I'm not sure that CIFS is ready for that yet. Steve, what's your take? Does CIFS offer a 100% superset of smbfs capabilities? A while ago, we disabled it in Fedora kernels, and told people Use CIFS instead. There were a whole range of Windows variants that it couldn't talk to. Maybe the situation has improved since, but at the time, it was bad enough that we had to switch smbfs back on. Dave -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: smbfs Unicode patch for 2.4.x kernel
On Mon, Dec 13, 2004 at 03:00:07PM -0800, Julian Pellico wrote: I'm looking for a patch to the redhat 2.4 kernel to add Unicode support to smbfs. My particular version is 2.4.26. There was no Red Hat 2.4.26 kernel. Dave -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: samba 2.2.8/util_str.c - Why is '$' exempted from '_' replac
Item on the todo list is to either have a VMS specific queue module that uses the $sndjbc[w]/$getqui[w] interfaces I did a module like that last year, see http://www.er6.eng.ohio-state.edu/~jonesd/print_vms_2.zip The JOB ID mapping is a problem. I cheated and assumed that VMS queue entry numbers are less than 10,000 and that samba-created jobs don't exceed 6000. I don't know if VMS version 8 manages entry numbers differently. My print_vms module looks for the SAMBA_SERVED printer characteristic and if found only serves printers that have that characteristics set. -- David L. Jones | Phone:(614) 292-6929 Ohio State University| Internet: 140 W. 19th St. Rm. 231a | [EMAIL PROTECTED] Columbus, OH 43210 | [EMAIL PROTECTED] Disclaimer: I'm looking for marbles all day long. PLEASE READ THIS IMPORTANT ETIQUETTE MESSAGE BEFORE POSTING: http://www.catb.org/~esr/faqs/smart-questions.html
vms_tdb performance against unexpected.tdb
In a previous thread, I noted the performance degradation brought about by excessive I/O's in scanning unexpected.tdb. Over time, the contiual adding and deleting of records by nmbd to this file makes sequential scanning of the records extremely inefficient. At first, I thought the problem was just the index tree becoming fragmented, but further study shows that it is the deleted data records themselves causing the problem. As far as I can tell, there is no way to clean up the data area on an open file. You have to convert/reclaim the file (which requires exclusive access). -- David L. Jones | Phone:(614) 292-6929 Ohio State University| Internet: 140 W. 19th St. Rm. 231a | [EMAIL PROTECTED] Columbus, OH 43210 | [EMAIL PROTECTED] Disclaimer: I'm looking for marbles all day long. PLEASE READ THIS IMPORTANT ETIQUETTE MESSAGE BEFORE POSTING: http://www.catb.org/~esr/faqs/smart-questions.html
printing robustness issue
I'm using VMS samba (2.2.8) to service about 10 print queues to about 100 PCs. Every now and then, something goes wrong with a print operation and the PC and the SMBD process end up in a loop chatting about their predicament. The SMBD process will show 2000-3000 I/O's per second. I haven't been able to track down the exact set of circumstances that causes this loop, has anyone else seen this in a way they could reproduce reliably? If you kill the smbd process, the spooler process on the PC (under XP pro), immediately reconnects to the server and appears to want to retry sending the print job (I make the new smbd start with a higher debug level to see what is going on). The new smbd process doesn't recognize the printer handle and apparently sends a WERR_BADFID error response, to which the PC reacts by repeating the attempt a short time later. The net ammount of I/O from this loop is relatively low, but it never stops until you reboot the machine. - David L. Jones | Phone:(614) 292-6929 Ohio State University| Internet: 140 W. 19th St. Rm. 231a | [EMAIL PROTECTED] Columbus, OH 43210 | [EMAIL PROTECTED] Disclaimer: I'm looking for marbles all day long. PLEASE READ THIS IMPORTANT ETIQUETTE MESSAGE BEFORE POSTING: http://www.catb.org/~esr/faqs/smart-questions.html
vms_tdb.c modifications
I did some further modifications to vms_tdb.c/tdb.h, available at http://www.er6.eng.ohio-state.edu/~jonesd/samba/vms_tdb.zip. Changes: - Increase the maximum record size to 2036 bytes. - Fixed a bug in the TDB_INTERNAL mode operation (only the [.locking]posix.c module appears to use an 'internal' tdb. - Save the last key as well as the last hash in the TDB_CONTEXT structure. The optimization in fetch() now checks the last key is the same as well as the last hash. - The TDB_DATA items returned by the external functions now point to dynamically allocated copies of the data rather have the dptr field point to internal data buffers. The main samba code assumes the dptr field contains an address returned by malloc() and can free() or realloc it. - Redid the CLEAR_IF_FIRST handling, the initialization logic is now: Generate resource name (SMBTDB_'fname'). if CLEAR_IF_FIRST then lock resource with CR (concurrent read) mode lock. convert lock to PW (protected write) mode lock with NOQUEUE flag. if conversion succeeds then zero the database. end convert lock to PR (protected read) mode. else lock resource with PR (protected read) mode lock. end The idea is that the first person can get the PW mode lock because there is no contention. Subsequent users will fail to get the PW mode lock and then the conversion to PR mode will force them to wait until the guy with the PW lock completes the file initialization (and lowers his lock to PR mode. Passing through CR mode is probably superflous. -- David L. Jones | Phone:(614) 292-6929 Ohio State University| Internet: 140 W. 19th St. Rm. 231a | [EMAIL PROTECTED] Columbus, OH 43210 | [EMAIL PROTECTED] Disclaimer: I'm looking for marbles all day long. PLEASE READ THIS IMPORTANT ETIQUETTE MESSAGE BEFORE POSTING: http://www.catb.org/~esr/faqs/smart-questions.html
Re: Problems using Samba/VMS Print shares
I'm gradually working on a fresh port of 2.2.8, most recently working on
a VMS native printer interface. All the print queue operations are done
by way of SYS$SNDJBC and SYS$GETQUI calls rather than spawning DCL commands.
It's fairly self-contained, so I put the sources in a zip file at
http://www.er6.eng.ohio-state.edu/~jonesd/samba/print_vms_1.zip
Below is the readme file from the print_vms_1.zip.
24-JUN-2003
The print_vms.c source module defines a 'native' OpenVMS printer interface for
the Samba server. The low level printer operations (get, pause, submit, etc)
are performed using direct VMS system service calls ($SNDJBC, $GETQUI) rather
than spawning print commands. This work is being done on VMS 7.2-1 and 7.3
Alpha systems.
Configuration file (smb.conf) settings:
printcap name: Set to vms to force VMS_printif interface to be used.
load printers: Set to yes.
print command: Specify just the qualfiers for the print command, e.g:
print command = /parameters=(DATA_TYPE=POSTSCRIPT)
Only 17 of the myriad of VMS PRINT command qualifiers
are recognized, see header comments in
print_vms_parse.c for a description. Note that /queue
is not used to specify a queue.
printing: Ignored (there is no lpq output to parse, its value
is meaningless).
lp{*} command: Ignored, commands aren't spawned.
New files:
print_vms.c This file defines the global structure (VMS_printif)
that samba uses to interface with the host OS print
spooler. This structure vectors 7 low-level functions
(queue_get, queue_pause, queue_resume, job_delete,
job_pause, job_resume, job_submit) for managing a
printer queue. Is also defines a 'find' function,
vms_printer_fn(), that samba uses to discover
the printers on the system.
print_vms_parse.c This file handles the parsing of the print command
parameter (from smb.conf) so that print_vms.c can
apply site-specific item codes to submit requests.
Modified files:
printing.c Modify to recognize the special printcap name vms
and switch the printer interface to VMS_printif if so.
Use the HAVE_CUPS code sections as your guide.
pcap.c Modify to force pcap_printername_ok() and
pcap_printer_fn() to recognize the special vms
printcap file and hand off to vms_printername_ok()
and vms_printer_fn().
-
David L. Jones | Phone:(614) 292-6929
Ohio State University| Internet:
140 W. 19th St. Rm. 231a | [EMAIL PROTECTED]
Columbus, OH 43210 | [EMAIL PROTECTED]
PLEASE READ THIS IMPORTANT ETIQUETTE MESSAGE BEFORE POSTING:
http://www.catb.org/~esr/faqs/smart-questions.html
Re: Detecting directory changes
In message [EMAIL PROTECTED], John E. Malmberg [EMAIL PROTECTED] writes: The file system is scheduled for a major overhaul. I can not give details, but any program that makes any assumptions about undocumented internal structures such as names of locks may break. Yes, such a program may break in the future when someone eventually tries to run it under some future version of VMS. In the mean time, there are problems to be solved now where using undisclosed (they hopefully were documented somewhere by the developers) interfaces is the only practical solution. Such a program should isolate and abstract the fragile pieces as much possible. You do want to be able to support disks that are larger than a Terabyte, or files that are that big don't you? Parts of the retired POSIX product were used as a basis of the DII COE effort, and the DII COE routines that are used for UNIX portability are being merged into the base OpenVMS product. As this is happening, the POSIX modules may be removed or stop working. Or they may continue to be used. This is being decided by the teams involved. We just recently went through an issue on comp.os.vms with the CSWING freeware application that was and still is making invalid assumptions about how the file system operates or will operate in the future. Some early programmer apparently got this mis-information from reading the source listings, or from trial and error. Now I have put in requests for features to the file system, like a 64 bit ino_t type, storing at file close the apparent UNIX size of a record oriented file for stat to return, storing the UTC time in addition to local time so that stat will run faster. I have also requested support for alternate filenames, to help support ODS-2/ODS-5/ODS-? and 8.3 file lookups for applications like Pathworks Advanced Server and SAMBA. But when it comes time to look at funding and time allocation. Customer requested enhancements get priority over internal requests when all other things are equal. The use of the internal POSIX routine may work in the short term, but it should not be considered a permanent solution. -John [EMAIL PROTECTED] Personal Opinion Only PLEASE READ THIS IMPORTANT ETIQUETTE MESSAGE BEFORE POSTING: http://www.catb.org/~esr/faqs/smart-questions.html PLEASE READ THIS IMPORTANT ETIQUETTE MESSAGE BEFORE POSTING: http://www.catb.org/~esr/faqs/smart-questions.html
Re: Detecting directory changes
[Please ignore my previous post, sent by accident before I finished it..] In message [EMAIL PROTECTED], John E. Malmberg [EMAIL PROTECTED] writes: The file system is scheduled for a major overhaul. I can not give details, but any program that makes any assumptions about undocumented internal structures such as names of locks may break. Yes, such a program may break in the future when someone eventually tries to run it under some future version of VMS. In the mean time, there are problems to be solved now where using undisclosed (they hopefully were documented somewhere by the developers) interfaces is the only practical solution. Such a program should isolate and abstract the fragile pieces as much possible. Now I have put in requests for features to the file system, like a 64 bit ino_t type, storing at file close the apparent UNIX size of a record oriented file for stat to return, storing the UTC time in addition to local time so that stat will run faster. I have also requested support for alternate filenames, to help support ODS-2/ODS-5/ODS-? and 8.3 file lookups for applications like Pathworks Advanced Server and SAMBA. Obviously, the first step is making a file header 8K instead of 512 bytes in size :-) For UTC times in the file headers, I think it would be more compatible with ODS-2/5 if you stored the timezone offsets to be applied to the existing local time timestamps. - David L. Jones | Phone:(614) 292-6929 Ohio State University| Internet: 140 W. 19th St. Rm. 231a | [EMAIL PROTECTED] Columbus, OH 43210 | [EMAIL PROTECTED] Disclaimer: I'm looking for marbles all day long. PLEASE READ THIS IMPORTANT ETIQUETTE MESSAGE BEFORE POSTING: http://www.catb.org/~esr/faqs/smart-questions.html
Re: New release of Samba-Vms 2.2.7a
The biggest news is that the TDB files are now RMS Indexed ones, so the performances are better and the files are no more corrupted. A new procedure in SAMBA_ROOT:[BIN], named INIT_TDB.COM, is provided for creating empty TDB files. This procedure is used during the installation processing for initialing the TDB files. I put a modified vms_tdb.c in the zip file at: http://www.er6.eng.ohio-state.edu/~jonesd/samba/vms_tdb.zip that knows how to create the indexed files without the external command procedure. When the .tdb file is missing or the wrong record type, it creates a new file with FDL$CREATE using FDL embedded in the source file. I also made some minor changes so it compiles without requiring /standard=VAX. -- David L. Jones | Phone:(614) 292-6929 Ohio State University| Internet: 140 W. 19th St. Rm. 231a | [EMAIL PROTECTED] Columbus, OH 43210 | [EMAIL PROTECTED] Disclaimer: I'm looking for marbles all day long. PLEASE READ THIS IMPORTANT ETIQUETTE MESSAGE BEFORE POSTING: http://www.catb.org/~esr/faqs/smart-questions.html
passwd()/crypt() emulation incorrect
The way the samba port emulates passwd()/crypt() functionality against the SYSUAF is wrong, you can't simply return a pointer to the VMS password hash quadword as the passwd string. In traditional UNIX, the passwd() function returns a pointer to a null-terminated encoding of the password hash, the first 2 bytes of which are a 'salt' value. The crypt() function takes the salt value and a candidate plain-text password to generate another encoded string for comparsion (using strcmp()) with the original encoded passwd string. The raw binary string returned by the emulation routines can yield false positives if the hash has embedded zeros due to samba's use of strcmp() for the comparison. I did a scan of my system's SYSUAF and 2.6% of the hashes have a zero before the eighth byte. The earlier in the quadword the zero occurs, the more potential for false password matches. I placed a pwd.c in http://www.er6.eng.ohio-state.edu/~jonesd/samba/pwd.zip that returns valid ASCIZ strings for the passwd and crypt functions. The string encodes an extended salt so you don't have to assume the crypt() call refers to the most recent data returned by passwd(). -- David L. Jones | Phone:(614) 292-6929 Ohio State University| Internet: 140 W. 19th St. Rm. 231a | [EMAIL PROTECTED] Columbus, OH 43210 | [EMAIL PROTECTED] Disclaimer: I'm looking for marbles all day long. PLEASE READ THIS IMPORTANT ETIQUETTE MESSAGE BEFORE POSTING: http://www.catb.org/~esr/faqs/smart-questions.html
Detecting directory changes.
I just joined this list, I've been playing with samba to the past few weeks.
In the archives there was discussion of the difficulty of reliably
invalidating the stat cache when directory updates don't change it's
allocation. While poking around the VMS source listings for a better
solution, I came across a system routine that looks made to order for this
problem. If you open the directory file, the function F11X$POSIX_FASTRDSEQNOS
can be used to quickly fetch the header and data sequence numbers stored
in the access lock's value block. Any change to the contents of the
directory increments the data sequence, even if the header sequence
(file allocation, protection, etc) remains unchanged.
Below is a program that demonstrates the function. I've tested the program
under Alpha VMS 7.2-1 and 7.3-1, the routine appears to have been introduced
circa 1993.
--
/*
* Test for existence of f11x$posix_fastreadseqnos. This function returns
* the sequence numbers held in the serialization lock for an open
* directory, allowing you to quickly test for modification:
*
*hdrseqIncremented when header data changed (e.g. file
* grows or shrinks).
*
*dataseq Incremented when file data changes (e.g. file renamed).
*
* Privileges:
*Caller must have sysprv and cmkrnl privilege.
*
* Linking:
*Link the the /sysexe qualifier (sys$system:sys.stb on vax) to resolve
*the F11X$POSIX_FASTRDSEQNOS reference.
*
* Author: David Jones
* Date:3-MAR-2003
*
*/
#include stdio.h
#include stdlib.h
#include string.h
#include stat.h
#include fibdef.h
#include ssdef.h
#include starlet.h
#include descrip.h
#include iodef.h
struct seqno_st {
long hdrseq;/* header data sequnece */
long dataseq; /* file data sequence */
};
/*
* This function is part of the operating system image, link using
* the /sysexe[/selective_search] qualifer.
*/
int F11X$POSIX_FASTRDSEQNOS ( short chan, struct seqno_st *seqno );
int main (int argc, char **argv)
{
int status;
struct seqno_st seqno;
short chan;
struct stat info;
static $DESCRIPTOR(devnam_dx,);
struct { int length; struct fibdef *fib; } fib_desc;
struct fibdef fib;
struct { unsigned short status, count; long devdepend; } iosb;
char line[80];
/*
* Mislinking can cause system crash! do sanity check.
*/
if ( !F11X$POSIX_FASTRDSEQNOS ) {
printf ( Program improperly built, must link /sysexe\n );
return SS$_ABORT;
}
/*
* Stat the directory file named on the command line in order to
* get device name and file id.
*/
if ( argc 2 ) {
printf ( usage: fast_seqno filename\n );
return 1;
}
status = stat ( argv[1], info );
if ( status != 0 ) {
printf ( Failed to stat file '%s'\n, argv[1] );
return 1;
}
/*
* Assign channel and access file with speical fib$m_seqno that forces
* XQP to keep an access lock on the file.
*/
devnam_dx.dsc$a_pointer = info.st_dev;
devnam_dx.dsc$w_length = strlen ( devnam_dx.dsc$a_pointer );
status = SYS$ASSIGN ( devnam_dx, chan, 0, 0, 0 );
if ( (status1) == 0 ) {
printf ( Assign to '%s' failed: %d\n, info.st_dev, status );
return status;
}
fib.fib$l_acctl = FIB$M_SEQNO | FIB$M_NORECORD | FIB$M_NOLOCK;
fib.fib$w_fid[0] = info.st_ino[0];
fib.fib$w_fid[1] = info.st_ino[1];
fib.fib$w_fid[2] = info.st_ino[2];
fib.fib$w_did[0] = fib.fib$w_did[1] = fib.fib$w_did[2] = 0;
fib_desc.length = 10; /* minimal FIB */
fib_desc.fib = fib;
status = SYS$QIOW ( 0, chan, IO$_ACCESS|IO$M_ACCESS, iosb,
0, 0,
fib_desc, 0, 0, 0, 0, 0 );
if ( (status1) == 1 ) status = iosb.status;
if ( (status1) == 0 ) {
printf ( Error in access, status: %d, iosb: %d %d %x\n, status,
iosb.status, iosb.count, iosb.devdepend );
return status;
}
/*
* Now enter loop where we fetch sequence numbers every time returnis
* it.
*/
printf ( Each time you hit return, the current sequence numbers will\n);
printf ( fetched and displayed. hit ctrl-Z to exit\n );
seqno.hdrseq = 0;
seqno.dataseq = 0;
while ( fgets ( line, 79, stdin ) ) {
/*
* XQP function must be called from kernel mode (probably
* need pages locked as well).
*/
struct {
long count;
long channel;
struct seqno_st *seqno;
} arglist;
arglist.count = 2;
arglist.channel = chan;
arglist.seqno = seqno;
status = SYS$CMKRNL ( F11X$POSIX_FASTRDSEQNOS, arglist );
printf ( status: %d, hdrseq: %d, dataseq: %d\n, status,
seqno.hdrseq, seqno.dataseq );
}
/*
* Cleanup.
